Friday, March 20, 2009

I know everyone is probably getting tired of hearing about this one, but it is actually very neat to watch these propagate. It brings into reality the true number of people out there with computers that really have no idea as to what it means to update them and keep them as secure as possible. SRI International has updated their Conficker analysis to include the new "C" Variant addendum.

On a side note, if anyone is interested in running a honeypot for malware and attack analysis, I would definitely recommend SRI's BotHunter. It is fairly straightforward to get working. The only trouble I had was with getting SNORT to play nice with Ubuntu for some reason (probably one I caused). I actually ran it for some time before switching over to the DSHIELD WebHoneypot, mostly because I have followed DSHIELD for some time and just wanted to see how their project worked.

Feel free to post any experience you have had with Conficker or honeypots in the comments section.